Revision [2596]

This is an old revision of fredregistry made by JulianDemarchi on 2011-08-22 19:58:31.

 

FRED Registry HOWTO


I will attempt to explain how to correctly set up a server to run the FRED registry backend[0]. I will also briefly run over the basic usage of FRED. I would like to point out at this early stage that I am no expert in FRED. This howto is a compilation of the notes I made while installing FRED. The sections on FRED's usage reflect only my limited experience, and there might be better ways to perform the operations I go through. The OS used in the howto is Debian lenny, but the instructions should fit other flavours.

Install required packages

FRED requires a number of packages to be installed on the system; otherwise FRED will fail to compile or operate correctly.

Debian based
On the system we issue the following command;
apt-get install apache2 postgresql gcc autoconf make bison build-essential libpq-dev omniidl4 omniidl4-python libomniorb4-dev libomnithread3-dev libdaemon-dev libboost-dev libboost-thread-dev libboost-date-time-dev libboost-program-options-dev libboost-regex-dev python-imaging python-reportlab tinyerp-server xsltproc apache2-threaded-dev liborbit2-dev libxml2-dev python-cherrypy3 python-simpletal python-omniorb2 omniidl4-python libapache2-mod-python omniorb4-nameserver omniorb4 python-clearsilver python-dnspython python-pygresql fpdns whois openssl libidn11 libidn11-dev python-trml2pdf ttf-freefont python-simplejson php5 sendmail ldnsutils

Answer any questions asked during install. If you're unsure of the answer, select the default option.

Debian Wheezy
apt-get install apache2 postgresql gcc autoconf make bison build-essential libpq-dev omniidl omniidl-python libomniorb4-dev libomnithread3-dev libdaemon-dev libboost-dev libboost-thread-dev libboost-date-time-dev libboost-program-options-dev libboost-regex-dev python-imaging python-reportlab xsltproc apache2-threaded-dev liborbit2-dev libxml2-dev python-cherrypy3 python-simpletal python-omniorb omniidl-python libapache2-mod-python omniorb-nameserver omniorb python-clearsilver python-dnspython python-pygresql fpdns whois openssl libidn11 libidn11-dev python-trml2pdf ttf-freefont python-simplejson php5 sendmail ldnsutils


Gentoo
omniORBpy-3.6 has to be installed via sources, portage does not include it and layman's overlay (science) does not compile successfully.
download at: http://sourceforge.net/projects/omniorb/files/omniORBpy/
$ tar xjf *bz2; cd omni*
$ ./configure --prefix=/usr/ --with-omniorb=/usr/; make
$ sudo make install


USE flags
dev-db/postgresql-server doc python perl
dev-libs/libxslt python
media-libs/gd truetype jpeg fontconfig
dev-libs/libxml2 python
media-gfx/graphviz python
dev-libs/boost python 
dev-util/boost-build python
dev-libs/clearsilver python
net-misc/omniORB ssl
net-libs/ldns python ssl


Keywords
net-dns/fpdns ~amd64
app-office/openerp-server ~amd64
dev-python/simpletal ~amd64
net-libs/ldns python ssl


Packages
net-misc/omniORB \ # robust, high-performance CORBA 2 ORB

Basic Build tools
gcc autoconf make bison \ # Basic build tools
dev-libs/openssl

Libs
dev-libs/clearsilver \ # fast, powerful, and language-neutral HTML template system
dev-libs/boost \ 
dev-libs/libdaemon \ 
media-fonts/freefont-ttf \ # TrueType Unicode fonts
dev-libs/libxml2 \ # library to manipulate XML files
net-dns/libidn \ # Internationalized Domain Names (IDN) implementation

Webserver
www-servers/apache dev-lang/php \ # Webserver
www-apache/mod_python \ # Apache2 module providing an embedded Python

Nameserver
bind bind-tools \ # Nameserver 

net-dns/fpdns \ # Fingerprinting DNS servers
net-dns/ldns-utils \ # Set of utilities to simplify various dns(sec) tasks.

Databases
dev-db/postgresql-server

Misc
app-doc/doxygen \ #  documentation system
app-office/openerp-server \ # Open Source ERP & CRM
app-xemacs/xslt-process \ # XSLT processing support
net-misc/whois \ # improved Whois Client

Python
dev-python/pyorbit \ # ORBit2 bindings for Python
dev-db/pygresql \ # A Python interface for the PostgreSQL database
dev-python/simplejson \ # JSON encoder/decoder for Python
dev-python/cherrypy \ # pythonic, object-oriented HTTP framework
dev-python/simpletal:4 \ # Python implementation of the TAL, TALES and METAL specifications - python2, use :5 for python3
dev-python/dnspython \ # DNS toolkit for Python
dev-python/imaging \ # Python Imaging Library (PIL)
dev-python/reportlab \ # Tools for generating printable PDF documents from any data source


Oneliner
emerge -n net-misc/omniORB gcc autoconf make bison dev-libs/openssl dev-libs/clearsilver dev-libs/boost dev-libs/libdaemon media-fonts/freefont-ttf dev-libs/libxml2 net-dns/libidn www-servers/apache dev-lang/php www-apache/mod_python bind bind-tools net-dns/fpdns  net-dns/ldns-utils dev-db/postgresql-server app-doc/doxygen app-office/openerp-server app-xemacs/xslt-process net-misc/whois dev-python/pyorbit dev-db/pygresql dev-python/simplejson dev-python/cherrypy dev-python/simpletal:4 dev-python/dnspython  dev-python/imaging dev-python/reportlab -vp


Install FRED


To run FRED correctly it should be run as its own user. Create a user called fred on your system. Ensure that the user belongs to the postgres group.

Add 'fred'
# useradd fred -U -G postgres,cron
# mkdir /home/fred; chown fred:fred /home/fred
# su - fred


FRED-Manager
$ wget http://fred.nic.cz/sources/fred-manager; chmod +x fred-manager
$ ./fred-manager download
$ ./fred-manager configure
$ ./fred-manager install


Once fred-manager has compiled and installed all the components of FRED without any errors you may try and start it.

Test
Check if FRED is working at all at this point:

$ ./fred-manager start
SUCCESS: Starting PostgreSQL
SUCCESS: Starting omniNames...
SUCCESS: Starting FRED central registry CORBA servers...
SUCCESS: Starting Apache...
SUCCESS: Starting FRED webadmin HTTP server...
SUCCESS: Starting named...


Add a TLD


To add a TLD to fred, the fred-admin command is used. Below is the script I use to add TLDs;
cat bin/fred_add_tld.sh 
#!/bin/bash

ADMIN="/home/fred/root/sbin/fred-admin"

if [[ ! $1 || ! $2 || ! $3 ]]; then
	echo "Usage: $(basename "$0") <TLD> <hostmaster@email.tld> <nameserver_FQDN>"
else
# Arguments are quoted so they reach fred-admin unchanged
"$ADMIN" --zone_add \
	   --zone_fqdn="$1" \
	   --ex_period_min=12 \
	   --ex_period_max=120 \
	   --ttl=18000 \
	   --hostmaster="$2" \
	   --refresh=10600 \
	   --update_retr=3600 \
	   --expiry=1209600 \
	   --minimum=7200 \
	   --ns_fqdn="$3"
fi


Below is the script I use to add an extra NS to a TLD; (will be updated soon)
#!/bin/sh
ADMCMD=/srv/fred/root/sbin/fred-admin
	$ADMCMD --zone_ns_add \
	    --zone_fqdn=$1 --ns_fqdn=ns1.opennic.glue
	$ADMCMD --zone_ns_add \
	    --zone_fqdn=free --ns_fqdn=ns2.opennic.glue
	$ADMCMD --zone_ns_add \
	    --zone_fqdn=free --ns_fqdn=ns5.opennic.glue
	$ADMCMD --zone_ns_add \
	    --zone_fqdn=free --ns_fqdn=ns6.opennic.glue
	$ADMCMD --zone_ns_add \
	    --zone_fqdn=free --ns_fqdn=ns7.opennic.glue
	$ADMCMD --zone_ns_add \
	    --zone_fqdn=free --ns_fqdn=ns21.opennic.glue
	$ADMCMD --zone_ns_add \
	    --zone_fqdn=free --ns_fqdn=ns21.opennic.glue


Add a registrar


In order to register domains in the TLD just created, a registrar needs to be added to the system, given the correct permissions and an SSL cert needs to be created.

To add a user, use the script below;
cat bin/fred_add_registrar.sh 
#!/bin/bash

ADMIN="/home/fred/root/sbin/fred-admin"

if [[ ! $1 || ! $2 || ! $3 || ! $4 || ! $5 ]]; then
	echo "Usage: $(basename "$0") <HANDLE> <Country> <Organisation> <Registrar name> <URL>"
	echo "Example: $(basename "$0") foo DE fubarorg 'Fu Bar' domain.tld"
else
# Arguments are quoted so a name containing spaces ('Fu Bar') stays one value
"$ADMIN" --registrar_add \
	    --handle="$1" \
	    --country="$2" \
	    --organization="$3" \
	    --reg_name="$4" \
	    --url="$5"
fi


Now the following script gives the registrar permissions to add domains to a TLD;
cat bin/fred_permission.sh
#!/bin/bash

ADMIN="/home/fred/root/sbin/fred-admin"

if [[ ! $1 || ! $2 ]]; then
	echo "Usage: $(basename "$0") <HANDLE> <FQDN>"
else
# Access starts today (from_date is the current date)
"$ADMIN" --registrar_add_zone \
	   --handle="$1" \
	   --zone_fqdn="$2" \
	   --from_date="$(date +%Y-%m-%d)"
fi


For FRED to verify SSL certs, you first need to create a certificate authority (CA);

http://www.tc.umn.edu/~brams006/selfsign.html : a great link which shows how to create one and sign your SSL cert


Create CA
$ openssl genrsa -des3 -out ca.key 4096
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Create CSR
$ openssl genrsa -des3 -out client.key 4096
$ openssl req -new -key client.key -out client.csr

Sign CSR/Create CRT
$ openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Remove Passphrase
$ openssl rsa -in client.key -out client-nopass.key


To complete adding the new user, the MD5 fingerprint of the certificate and the user's password need to be entered into FRED. The following script will do this;
cat bin/fred_acl_mod.sh 
#!/bin/bash

ADMIN="/home/fred/root/sbin/fred-admin"

if [[ ! $1 || ! $2 || ! $3 ]]; then
	echo "Usage: $(basename "$0") <cert> <HANDLE> <password>"
else
# Take the text after '=' in the openssl fingerprint line
MD5=$(openssl x509 -noout -fingerprint -md5 -in "$1" | awk -F'=' '{ print $2 }')
"$ADMIN" --registrar_acl_add \
	    --handle="$2" \
	    --certificate="$MD5" \
	    --password="$3"
fi
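
The fingerprint step of the script above, as an added example that is not part of the original howto: when the certificate path is wrong or the file is not a certificate, the openssl | awk pipeline yields an empty string and fred-admin is still called with an empty --certificate value. The sketch below checks the fingerprint format first; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original howto): validate the MD5 fingerprint
# before it is handed to fred-admin --registrar_acl_add.

# Take one line of `openssl x509 -noout -fingerprint -md5` output, print the
# fingerprint, and succeed only if it is 16 colon-separated hex bytes.
parse_md5_fingerprint() {
    case "$1" in
        *=*) fp=${1#*=} ;;      # text after the first '='
        *)   return 1 ;;        # no '=': this is an error message, not a fingerprint
    esac
    printf '%s\n' "$fp" |
        grep -Eqx '([0-9A-Fa-f]{2}:){15}[0-9A-Fa-f]{2}' || return 1
    printf '%s\n' "$fp"
}

# Read a certificate file and print its validated fingerprint.
cert_md5_fingerprint() {
    cert=$1
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 1; }
    out=$(openssl x509 -noout -fingerprint -md5 -in "$cert" 2>/dev/null) || {
        echo "not an X.509 certificate: $cert" >&2
        return 1
    }
    parse_md5_fingerprint "$out" || {
        echo "unexpected openssl output: $out" >&2
        return 1
    }
}

# Constructed sample lines (not taken from a real certificate).
SAMPLE_OK='MD5 Fingerprint=6A:C5:3F:10:9B:E2:47:D8:01:7C:AA:34:5E:F0:B6:29'
SAMPLE_BAD='unable to load certificate'

# When run directly with a certificate path, print its fingerprint or fail.
if [ -n "${1:-}" ]; then
    cert_md5_fingerprint "$1"
fi
```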


Using the QT FRED client


On your Linux desktop of choice, download the FRED client package. The location of it is http://<fred-server-name>:22354/fred-client-2.1.4.zip. If the URL does not work[1], double check FRED is running. Unzip the downloaded package into your home dir. Then issue the following commands inside the unzipped archive;
python ./setup.py build && python ./setup.py install


The config file for the client lives in ./fred-client-2.1.4/data_files/conf/fred/fred-client.conf. The SSL certs live in ./fred-client-2.1.4/ssl/. To set up the client, modify the following lines in fred-client.conf;
[...]
[connect]
dir=/path/to/fred-client-2.1.4/ssl
host = <fred-server-name>
port = 22351
;ssl_cert = %(dir)s/test-cert.pem
;ssl_key  = %(dir)s/test-key.pem
ssl_cert = path/to/client.crt
ssl_key  = path/to/client-nopass.key
username = <HANDLE>
password = <PASSWORD>
[...]


Once done you can start either the CLI or QT version of the client. In this howto we will use the QT version. To start it issue;
./fred-client-2.1.4/fred-client-qt4.pyw

You will know if it worked as next to status it will say "ONLINE: username@fredserver".



0 - http://fred.nic.cz
1 - Troubleshooting

find relevant logfiles
$ find root/ -iname '*log'

Problem: fred-webadmin/fred-pyfred won't start, when executing 'sbin/fred-webadmin' the following debug message appears
/home/fred/root/sbin/fred-webadmin
KEEP LOGGING TO /home/fred/root/var/log/fred-webadmin/fred-webadmin-20110807.log
/usr/lib64/python2.6/site-packages/cherrypy/lib/http.py:4: DeprecationWarning: cherrypy.lib.http has been deprecated and will be removed in CherryPy 3.3 use cherrypy.lib.httputil instead.
  DeprecationWarning)
Traceback (most recent call last):
  File "/home/fred/root/sbin/fred-webadmin", line 9, in <module>
	from fred_webadmin import adif
  File "/home/fred/root/lib/python2.6/site-packages/fred_webadmin/adif.py", line 54, in <module>
	from webwidgets.templates.pages import (
  File "/home/fred/root/lib/python2.6/site-packages/fred_webadmin/webwidgets/templates/pages.py", line 4, in <module>
	from fred_webadmin.webwidgets.forms.filterforms import get_filter_forms_javascript
  File "/home/fred/root/lib/python2.6/site-packages/fred_webadmin/webwidgets/forms/filterforms.py", line 11, in <module>
	from forms import Form
  File "/home/fred/root/lib/python2.6/site-packages/fred_webadmin/webwidgets/forms/forms.py", line 10, in <module>
	from fields import Field
  File "/home/fred/root/lib/python2.6/site-packages/fred_webadmin/webwidgets/forms/fields.py", line 715, in <module>
	class MultiValueField(Field):
  File "/home/fred/root/lib/python2.6/site-packages/fred_webadmin/webwidgets/forms/fields.py", line 767, in MultiValueField
	value = LateBindingProperty(_get_value, _set_value)
  File "/home/fred/root/lib/python2.6/site-packages/fred_webadmin/utils.py", line 35, in __init__
	property.__init__(self, fget, fset, fdel, doc)
TypeError: readonly attribute


Solution

comment out line 26 in /home/fred/root/lib/python2.6/site-packages/fred_webadmin/utils.py
#    __doc__ = property.__dict__['__doc__'] # see bug #576990